Patching Win10 in the real world

Topic

New Reply

Forgive me for ranting. I have a half dozen kids over every Sunday morning, for a “learn to code” session. I haul out six computers – a Chromebook, an
[See the full post at: Patching Win10 in the real world]

Reply | Quote

Replies

I just heard a similar story while listening to RadioTunes’ smoothjazz station with its live show. It happened to the presenter of that show when starting his Windows 10 laptop at a gig in the UK where an artist who had flown over from the US was going to perform. He said that the upgrade took hours which, of course, prevented him from doing what he wanted to do with that laptop. He went back to the “far more reliable Windows 7”. He said: “no more windows 10 for me, absolute rubbish”….

Reply | Quote

Educating them and us – thanks Woody!!

Reply | Quote

I agree. Had a Win10 laptop where I have set my home WiFi to metered connection so I can update when I don’t have to be using he PC.

Then stayed with a friend a couple days, and got on their WiFi. Didn’t realize I needed to set Metered for THEIR network. PC soon went into update mode and I was prevented from work I had to get done right then.

MS could solve a lot of frustration by letting people defer updates for up to 3 weeks. Fine to ask me each time I wake my system, just give me some simple, brand-dead control over timing and then after 3 weeks, force the update.

Reply | Quote

The patch that was supposed to improve the Disk Cleanup Utility now tells me I have 3.99TB of Windows Update Cleanup on my 512GB SSD, and of course it never finishes. But if you reboot after a reasonable period of time and recheck, the Update Cleanup is 0.

Patching Win10 in the real world….

Reply | Quote

First thing first.
Windows 10 v 1607 has a known initial bug in relation to updating. This shows immediately after upgrading to 1607 or after a clean install. My experience is limited to trial editions of LTSB 2016 and Windows Server 2016 (same build, server equivalent of Windows 10 LTSB 2016), but according to world wide reports, this is the case for all versions.
The reports are mostly related to never ending WSUS updating, but as many users have already noticed it affects differently everyone, although it eventually completes if updating online. After this initial step, everything is back to normal, if Windows 10 update has ever been normal.
Recommendations:
– Try to upgrade/install with a network card but disconnected from Internet. Ideally this network card should be connected to a network switch or wireless network to avoid time-outs, but disconnected from internet. I didn’t test, but this should be the best option.
– While still disconnected from internet, after successful installation, download and manually install the latest CU which currently is KB3194798 and is about 700 MB
– Download and manually install the servicing stack update KB3199209

If it is not practical or impossible to disconnect from the internet and still be connected at a network at the same time, the other option is to go to Group Policy immediately (this really means IMMEDIATELY to avoid triggering AU) and set Computer ConfigurationWindows ComponentsWindows UpdateConfigure Automatic Updates to Disabled.
After the successful installation of the first current CU and the servicing stack as above, change the AU to the “default” as it is presented in the group policy description, which is Auto download and notify for install. You will have to update Defender manually few times a day when notified, but this is just a click of a button.

Note: I found this setting which seems to be new, Computer ConfigurationWindows ComponentsWindows UpdateDefer Windows UpdatesSelect when quality updates are received. You may find that with that setting in place, you can keep Auto Update to on.

Reply | Quote

Highly recommended. Kids today need to learn how to think in small, logical, sequential steps. That’s called “learn to code” in some circles, but it isn’t quite the same thing. I’ve found the website code.org invaluable in teaching kids (and their parents!) the basic tenants of thinking in small, logical steps.

Reply | Quote

If this is the deal then it’s not for anyone but the experts.

Reply | Quote

Maybe you should send that link to Microsoft.

Reply | Quote

“tenants”? Are you charging them rent?

Reply | Quote

Woody,

Just an idea:

I was thinking yesterday about the idea of narrated Youtube how-to videos and so forth,
the ‘Liam Neeson-esque voice of the south’ kind of thing (chuckle)

and a thought crossed my mind of a Windows 10 kind of bootcamp or an intensive course, like over a weekend,
helping people to set up their Windows 10 computers and learn how to do the basics and to stay safe, from the expert who wrote the definitive guide on the subject!

A weekend (say, for example, 3 hours in the morning, 3 hours in the afternoon, for 2 or 3 days in a row) would be good for people who didn’t live near to you – they could have a little mini-break at the same time enjoying the sights, music, shopping, and dining in Nashville. (Not getting involved yourself in the accommodation or food side of things, leaving that to the attendees to set up for themselves.)

You could offer a gift certificate for the course, so people could give it as a gift, such as for the upcoming holiday season.

You could do one for beginners, one for intermediate users, one for seniors, one for teens. They’d need to bring their Windows 10 computers, of course. (or their Surface thing, or whatever you were teaching them how to operate).

You could hire a training/meeting room at a local college, a local hotel, local convention center, that sort of thing – the group could be as big as you wanted, probably best though to keep it on the small side because of the sort of individualized help people often need in getting the hang of something for the first time.

You could also teach a course over a longer period of time (for more local folks) — say, an hour and a half for one evening a week, over x weeks.

You could also offer one-on-one training, it would be expensive but well worth the investment for the right clients.

Maybe you already do some teaching like that, or maybe you absolutely can’t stand teaching groups, or maybe you wouldn’t have the time, but I think it might be a great way to use your vast knowledge to help others and also to make a fair amount of money in exchange for the time spent (I don’t know how much that kind of course costs, but you are the author of a definitive guide to the subject, so it should be reasonably well-paying!)

…Just an idea!

—-
Another idea — I’m being serious — is one of those PBS infomercial tie-in thingies, where an expert in something (or at least a person who’s written a book about something) donates a 1-hour filmed lecture or presentation, plus allowing PBS to co-brand a few bits and bobs (like a copy of the book, a key chain, a mousepad, etc.) and to “give them away” to the tv audience in exchange for a donation to PBS — this type of thing is done for the PBS fundraising season, and then such shows are played over and over on PBS stations across the country at all times of year for the next few years, raising the author’s profile and increasing normal-channel sales of the items (through non-PBS avenues).

Reply | Quote

GACK! An “a” for an “e.” Ay yay yay.

Reply | Quote

and only one “n”

Reply | Quote

The forced automatic update in Windows 10 is THE main reason I avoid it like the plague.

Hope for the best. Prepare for the worst.

Reply | Quote

Ranting is why we come here. All right, among other things.

Reply | Quote

..as well as the overall corporate malware tactics!
Telemetry within patches, phone home etc..

Reply | Quote

I shall never live this down. Tenets of tenants, perhaps?

Reply | Quote

I am wondering if this is known behaviour.
I did a clean install of Windows 10 on a partition which previously had Windows 7 installed. This was not upgrade, but clean install as mentioned.
The installation offered to backup the old system files under Windows.old which happened. All normal and expected up to this point. This happens even when installing Windows 7 over an older Windows 7 in clean install mode (not upgrade repair in place).
After about 2 days, or possible exactly 2 days if checking the dates of some folders, the Program Files (x86), Program Files and Windows folders under the backed up location Windows.old have just disappeared without warning. Only old PerfLogs, Users, $Recycle.Bin and the file bootmgr were left in the backup folder. It is not 2 am when the maintenance is supposed to happen automatically daily, but as I said it appears to be exactly 2 days since the installation of Windows 10.
The old folders are useful as reference if for example the old software needs to be reinstalled under the new system, but the actual software required is not documented anywhere else.
Has anybody else noticed this behaviour?

Reply | Quote

I’ve never heard of it. Hard to fathom why MS would do that…

Reply | Quote

There is a reason which would be to remove old files from disk. Like Disk Cleanup running under a schedule with default options in the background and the behaviour is actually consistent to a certain degree with Disk Cleanup, only that the whole folder Windows.old is normally removed, not only selections.
I already know that the Disk Cleanup component removing the old patches is running every day starting with Windows 8 and this is why some people notice that old patches are removed without any action taken by the user.
It is more like these commands being scheduled in the case of patching removal:
Dism.exe /online /Cleanup-Image /StartComponentCleanup

Just got an idea while writing this and found the possible reason:
Task Scheduler LibraryMicrosoftWindowsDiskCleanup – SilentCleanup task
running
%windir%system32cleanmgr.exe /autoclean /d %systemdrive%
Description: Maintenance task used by the system to launch a silent auto disk cleanup when running low on free disk space.

Reply | Quote

Scorched-earth tactics? (We’re going to make sure you don’t revert to your old software.)

Reply | Quote

How much free space was left on the drive after you did the upgrade?

Reply | Quote

It was more than half of a 100 GB partition free, so I think the description is misleading, but the action seems to be the one which I described. And the time with a difference of 5 minutes which could be due to randomisation seems to be the same. It may not be related to the 2 days timing which I mentioned, that one being just a coincidence.

Reply | Quote

Is there anything in Win 7 Disk Cleanup that should *not* be cleaned?

Reply | Quote

I only give my Win10 experimental desktop machine access to the internet by plugging in the mobile-broadband dongle. But Win10 seems to regard that as a WIRED ethernet connection, and starts to download stuff irrespective of my data cap (limit). (I have taken several steps to defer updates to a later date; this is Win10 Pro, advice on this subject read here and elsewhere.)

EMPHASIS: I would like MS to allow me to “know better” and to choose — not as a matter of policy months in advance, but now, today, this instant — that THIS is a good time to lose the so-called service for an unpredictable time. (And otherwise, it’s not a good time.) I agree with Randall.

Off-topic, I had the same trouble with a well-known anti-virus tool some time back, which chose to update itself (notwithstanding its own settings) “in the middle of an important client presentation” (as I put it in my correspondence with the company). I am retired now, glad to be out of the main stream.

Reply | Quote

Blame the spell checker. 😉

-Noel

Reply | Quote

Your situation really illustrates the “it’s difficult to paddle upstream” factor.

The subtlety of that statement may be lost… In plain terms, it shows why Microsoft needs to make systems do what’s best for users, not themselves, and how their bad decisions STILL affect even the smartest, most knowledgeable people, and why user settings and expectations should NEVER be overridden.

You’re capable technically, Woody, and you know that disabling the Windows Update service except for when it’s convenient / acceptable to apply updates will do what you need to be able to rely upon Windows 10. But your life is really NOT just about running Win 10 – even though arguably you may have a greater focus on it than almost everyone else.

It’s about doing what YOU need to do.

But, clearly Microsoft doesn’t want you to do that. Their focus has shifted to making you do what THEY want.

And so even one of the most tech- and update-savvy people on the planet (not to mention forward-thinking) has been bitten by the “Microsoft feels they know better than you what you need (when they can’t possibly)” syndrome.

I feel sorry for the child.

But maybe he’s just gotten a lesson in why it’s bad to implicitly trust a big tech company. I’m sure you made it clear why he couldn’t play with the computer when he wanted to do so.

-Noel

Reply | Quote

Yeah. Instead of lecturing him on my shortcomings, I grumbled a lot and brought out an iPad.

He prefers the iPad anyway. Hard to blame him.

Reply | Quote

Yes, it’s known that Microsoft will delete your files from Windows.old a few days after installing. I don’t recall it being a fixed 2 days. I’ve seen it take as long as a week or more.

Yes, they feel comfortable deleting all your files.

Yes, it’s been happening for years.

Yes, it’s outrageous. I was surprised as much as you when I first saw it happen.

I once found the actual Microsoft documentation stating they will do so, though the wording was a bit obfuscated.

With a bit of Googling you can easily find others to whom the deletion of Windows.old has happened. Looking over my own online activity, I appear to have first noticed it in Windows 8.1.

https://social.technet.microsoft.com/Forums/windows/en-US/b14d1589-ef2e-4f7a-b3b8-0148d0ed9615/windowsold-folder-content-missing?forum=w8itprogeneral

-Noel

Reply | Quote

Thank you for confirming Noel.
Actually I identified the scheduled task which seems to be responsible for that action and it is highly likely that it started with Windows 8 when this automatic maintenance system was implemented.

Reply | Quote

It depends on what you are trying to achieve. The only irreversible task is when Disk Cleanup removes old Service Pack 1 files if the original installation was based on RTM, practically resetting the so called CBS base. However that Service Pack 1 was released early in 2011 and now after 5 years there should be no reason to keep the old files just in case there is an intention to uninstall SP1.

Reply | Quote

The forced updates are a natural reaction from the software industry to end-users not maintaining their systems and allowing internet bots like the ones which were in the recent news attacking Dyn. One day such users generating malicious traffic, even without their knowledge, might be fined like those unauthorised radio stations which broadcast without licence as an example.
If your antivirus system was patched at the time of the forced update, I am convinced you wouldn’t have to go through that event.

Reply | Quote

This same issue just happened to a DJ I know over the weekend. His machine restarted to install the updates. It cut the Karaoke session for around 10 minutes while Microsoft did its thing.

Reply | Quote

I just want to get rid of all the extraneous BS files that I don’t need. My Win 7 install disk was (I’m almost sure) GA, not RTM, with SP1 already on it.

I’m pretty sure I’d only want to keep the Offline Webpages, the Game Statistical Files, and the Thumbnails.

There are currently 0 bytes in the Service Pack Backup Files.

Reply | Quote

Then select what is of interest to you only.
You could only select the Windows Update files. If you look in the Setup Event Log after the fact, you will see that the computer needs a reboot to finish the uninstall, although it is not specified to you after running Disk Cleanup. Allow the reboot(s) to complete to avoid CBS stack corruption.

Reply | Quote

Thanks, CH, I appreciate the always good advice. 🙂

Reply | Quote

So how do I sign my 9 year old up for a “learn to code” session?

Just kidding. I appreciate all you do, Woody. Not only for us here, but for these kids as well.

Reply | Quote

“I feel sorry for the child.

But maybe he’s just gotten a lesson in why it’s bad to implicitly trust a big tech company. I’m sure you made it clear why he couldn’t play with the computer when he wanted to do so.”

What a teachable moment for these children!

Reply | Quote

Great question!

No sign-up needed. Go to code.org and click Students, then Course 2.

I was originally working with the MIT programs called Scratch. It’s great, and it interfaces easily with Lego Mindstorm, which is a tremendous pivot from monitor to meatspace. But I found it easier to teach with code.org.

Reply | Quote

Actually, I meant “sign up my 9 year old to come to Mr. Woody’s house for the “learn to code” session!

I’m definitely going to check out code.org.

Reply | Quote

😉

Reply | Quote

Here is the schedule for Windows Server 2016 updating. I have good reason to believe that this schedule is identical with the one for Windows 10. It looks very much like current/future Windows 7.

In summary:

Tuesday Patch B: new Security + all older updates (security + quality/non-security)
Tuesday Patch D: new Quality (non-security) + all older updates (security + quality/non-security)

https://blogs.technet.microsoft.com/mu/2016/10/25/patching-with-windows-server-2016/

Predictable Cadence

On the second Tuesday of every month (aka. Patch Tuesday) during the mainstream support phase a cumulative update which includes new security fixes will be released. Being cumulative this update will include all the previously released security and quality fixes.

Around the fourth Tuesday of every month a cumulative update will be released which includes new quality fixes. Being cumulative this update will include all the previously released security and quality fixes.

You can then have the flexibility to choose the security only update, or the quality update to build your patch management strategy around. Having a predictable cadence for when you can expect updates, enables you to build patch maintenance processes. Being able to plan ahead will simplify and streamline your ability to manage Windows Server.

Reply | Quote

Not quite the right thread, related to Cortana though.

Microsoft releases open source toolkit used to build human-level speech recognition

http://arstechnica.com/information-technology/2016/10/microsoft-releases-open-source-toolkit-used-to-build-human-level-speech-recognition/

Reply | Quote

My antivirus system WAS FULLY PATCHED at the time, both as to code (program) and data (definitions). The thing still tried to check for updates every 30 minutes, all the time, even when I turned it off (using the product’s controls). On a 56kbps dialup connection that was fatal. Even on a mobile broadband connection, the CPU load was fatal. A search would take 20 minutes or so, during which time the machine was unusable; 20 minutes every 30.

I emphasise that the thing was fully up-to-date (up to, say, 30 minutes ago); and couldn’t be turned off using the advertised controls. Eventually, a phone conversation with California produced a magic (but hidden) setting which cured the problem; but I had already decided to move on.

Forgive me for ranting.

Reply | Quote

That Dyn DDoS attack had nothing to do with PCs. It was all IoT stuff, for which there is no cure. Many of those devices can’t even change their passwords.

Reply | Quote